Google Git
Sign in
apache / servicecomb-website / c9cefa775b816dd6ff66305ff82580aee8e7919c / . / content / cn / docs / users / use-tls / index.html
blob: 0872af9b8e4a4d6a4fd202a308bed1b7b7247537 [file] [log] [blame]
<!doctype html>
<!--
Minimal Mistakes Jekyll Theme 4.4.1 by Michael Rose
Copyright 2017 Michael Rose - mademistakes.com | @mmistakes
Free for personal and commercial use under the MIT license
https://github.com/mmistakes/minimal-mistakes/blob/master/LICENSE.txt
-->
<html lang="cn" class="no-js">
<head>
<meta charset="utf-8">
<!-- begin SEO -->
<title>使用TLS通信 - Apache ServiceComb</title>
<meta name="description" content="使用TLS通信">
<meta name="author" content="">
<meta property="og:locale" content="cn">
<meta property="og:site_name" content="Apache ServiceComb">
<meta property="og:title" content="使用TLS通信">
<link rel="canonical" href="https://github.com/pages/apache/incubator-servicecomb-website/cn/docs/users/use-tls/">
<meta property="og:url" content="https://github.com/pages/apache/incubator-servicecomb-website/cn/docs/users/use-tls/">
<meta property="og:description" content="使用TLS通信">
<meta name="twitter:site" content="@ServiceComb">
<meta name="twitter:title" content="使用TLS通信">
<meta name="twitter:description" content="使用TLS通信">
<meta name="twitter:url" content="">
<meta name="twitter:card" content="summary">
<script type="application/ld+json">
{
"@context" : "http://schema.org",
"@type" : "Person",
"name" : "Apache ServiceComb",
"url" : "https://github.com/pages/apache/incubator-servicecomb-website",
"sameAs" : null
}
</script>
<meta name="google-site-verification" content="HvJjNd7vvJ-yjSTHlBiIWEYxp_Hrz-PYEY5Idz9LRcA" />
<!-- end SEO -->
<link href="/feed.xml" type="application/atom+xml" rel="alternate" title="Apache ServiceComb Feed">
<!-- http://t.co/dKP3o1e -->
<meta name="HandheldFriendly" content="True">
<meta name="MobileOptimized" content="320">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<script>
document.documentElement.className = document.documentElement.className.replace(/\bno-js\b/g, '') + ' js ';
</script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js"></script>
<script src="/assets/vendor/prism/prism.js"></script>
<script type="text/javascript" async
src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-MML-AM_CHTML">
</script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css" integrity="sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M" crossorigin="anonymous">
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.11.0/umd/popper.min.js" integrity="sha384-b/U6ypiBEHpOf/4+1nzFpr53nxSS+GLCkfwBdFNTxtclqqenISfwAzpKaMNFNmj4" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/js/bootstrap.min.js" integrity="sha384-h0AbiXch4ZDo7tp9hKZ4TsHbi047NrKGLO3SEJAg45jXxnGIfYzk4Si90RDIqNm1" crossorigin="anonymous"></script>
<!-- For all browsers -->
<link rel="stylesheet" href="/assets/css/main.css">
<link rel="stylesheet" href="/assets/vendor/prism/prism.css">
<!--[if lte IE 9]>
<style>
/* old IE unsupported flexbox fixes */
.greedy-nav .site-title {
padding-right: 3em;
}
.greedy-nav button {
position: absolute;
top: 0;
right: 0;
height: 100%;
}
</style>
<![endif]-->
<meta http-equiv="cleartype" content="on">
<!-- start custom head snippets -->
<!-- insert favicons. use http://realfavicongenerator.net/ -->
<link href="https://fonts.loli.net/css?family=Roboto:400,500,700|Source+Code+Pro" rel="stylesheet">
<script src="/assets/js/custom.js"></script>
<!-- end custom head snippets -->
</head>
<body class="layout--single">
<!--[if lt IE 9]>
<div class="notice--danger align-center" style="margin: 0;">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your experience.</div>
<![endif]-->
<div class="masthead" onmouseleave="$('#childrenShow').css('display', 'none')">
<div class="masthead__inner-wrap">
<div class="masthead__menu">
<nav id="site-nav" class="greedy-nav">
<a class="site-title active" href="/cn"><img src="https://www.apache.org/img/servicecomb.png"></a>
<ul class="visible-links">
<li class="masthead__menu-item" onmouseenter="$('#childrenShow').css('display', 'none')">
<a href="/cn/">首页</a>
</li>
<li class="masthead__menu-item" onmouseenter="$('#childrenShow').css('display', 'none')">
<a href="/cn/developers/">项目</a>
</li>
<li class="def-nav-li" onmouseenter="$('#childrenShow').css('display', 'block')">
<a class="active" href="/cn/docs/users/">文档</a>
<ul id="childrenShow" class="def-children-show-cn" onmouseleave="$('#childrenShow').css('display', 'none')">
<li><a href="/cn/docs/getting-started/" class="">入门指南</a></li>
<li><a href="/cn/docs/users/" class="">用户手册</a></li>
<li><a href="/cn/slides/" class="">大咖视频</a></li>
<li><a href="/cn/faqs/" class="">常见问题</a></li>
</ul>
</li>
<li class="masthead__menu-item" onmouseenter="$('#childrenShow').css('display', 'none')">
<a href="/cn/developers/contributing/">社区</a>
</li>
<li class="masthead__menu-item" onmouseenter="$('#childrenShow').css('display', 'none')">
<a href="/cn/year-archive/">博文</a>
</li>
<li class="masthead__menu-item" onmouseenter="$('#childrenShow').css('display', 'none')">
<a href="/cn/release/">下载</a>
</li>
</ul>
<button><div class="navicon"></div></button>
<ul class="hidden-links hidden"></ul>
<div class="nav-lang">
<a href=/docs/users/use-tls/>English</a>
</div>
</nav>
</div>
</div>
</div>
<div id="main" role="main">
<div class="sidebar sticky">
<div class="back-to-home"><a href="/cn/">首页</a> > 使用TLS通信</div>
<nav class="nav__list">
<input id="ac-toc" name="accordion-toc" type="checkbox" />
<label for="ac-toc">切换菜单</label>
<ul class="nav__items">
<li>
<span class="nav__sub-title">Java-chassis用户手册</span>
<ul>
<li><a href="/references/java-chassis/en_US/" class="">2.3.0</a></li>
</ul>
</li>
<li>
<span class="nav__sub-title">Pack用户手册</span>
<ul>
<li><a href="https://github.com/apache/servicecomb-pack/blob/master/docs/user_guide.md" class="">0.5.0(英文版)</a></li>
</ul>
</li>
<li>
<span class="nav__sub-title">ServiceCenter用户手册</span>
<ul>
<li><a href="https://service-center.readthedocs.io/en/latest/user-guides.html" class="">2.0.0(英文版)</a></li>
</ul>
</li>
<li>
<span class="nav__sub-title">Kie 用户手册</span>
<ul>
<li><a href="https://kie.readthedocs.io/en/latest/" class="">0.2.0(英文版)</a></li>
</ul>
</li>
<li>
<span class="nav__sub-title">Mesher 用户手册</span>
<ul>
<li><a href="https://mesher.readthedocs.io/en/latest/" class="">1.6.3(英文版)</a></li>
</ul>
</li>
</ul>
</nav>
</div>
<article class="page" itemscope itemtype="http://schema.org/CreativeWork">
<meta itemprop="headline" content="使用TLS通信">
<meta itemprop="description" content="使用TLS通信">
<meta itemprop="dateModified" content="August 15, 2017">
<div class="page__inner-wrap">
<header>
<h1 class="page__title" itemprop="headline">使用TLS通信
</h1>
</header>
<section class="page__content" itemprop="text">
<h2 id="场景描述">场景描述</h2>
<p>用户通过简单的配置即可启用TLS通信,以保障数据的传输安全。</p>
<h2 id="外部服务通信配置">外部服务通信配置</h2>
<p>与外部服务通信相关的配置写在microservice.yaml文件中。</p>
<ul>
<li>
<p>服务中心TLS通信配置
微服务与服务中心的连接可以通过将http改为https启用TLS通信,配置示例如下:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code> <span class="na">servicecomb</span><span class="pi">:</span>
<span class="na">service</span><span class="pi">:</span>
<span class="na">registry</span><span class="pi">:</span>
<span class="na">address</span><span class="pi">:</span> <span class="s">https://127.0.0.1:30100</span>
</code></pre></div> </div>
</li>
<li>
<p>服务提供者启用TLS通信
服务提供者在配置服务监听地址时,可以通过在地址后面追加<code class="language-plaintext highlighter-rouge">?sslEnabled=true</code>开启TLS通信,示例如下:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code> <span class="na">servicecomb</span><span class="pi">:</span>
<span class="na">rest</span><span class="pi">:</span>
<span class="na">address</span><span class="pi">:</span> <span class="s">0.0.0.0:8080?sslEnabled=true</span>
<span class="na">highway</span><span class="pi">:</span>
<span class="na">address</span><span class="pi">:</span> <span class="s">0.0.0.0:7070?sslEnabled=true</span>
</code></pre></div> </div>
</li>
</ul>
<h2 id="证书配置">证书配置</h2>
<p>证书配置项写在microservice.yaml文件中,支持统一制定证书,也可以添加tag进行更细粒度的配置,有tag的配置会覆盖全局配置,配置格式如下:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="s">ssl.[tag].[property]</span>
</code></pre></div></div>
<p>证书配置项见下表证书配置项说明表。</p>
<p><strong>表1 证书配置项说明表</strong></p>
<table>
<thead>
<tr>
<th style="text-align: left">配置项</th>
<th style="text-align: left">默认值</th>
<th style="text-align: left">取值范围</th>
<th style="text-align: left">是否必选</th>
<th style="text-align: left">含义</th>
<th style="text-align: left">注意</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">ssl.protocols</td>
<td style="text-align: left">TLSv1.2</td>
<td style="text-align: left">-</td>
<td style="text-align: left"></td>
<td style="text-align: left">协议列表</td>
<td style="text-align: left">使用逗号分隔</td>
</tr>
<tr>
<td style="text-align: left">ssl.ciphers</td>
<td style="text-align: left">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,<br />TLS_RSA_WITH_AES_256_GCM_SHA384,<br />TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,<br />TLS_RSA_WITH_AES_128_GCM_SHA256</td>
<td style="text-align: left">-</td>
<td style="text-align: left"></td>
<td style="text-align: left">算法列表</td>
<td style="text-align: left">使用逗号分隔</td>
</tr>
<tr>
<td style="text-align: left">ssl.authPeer</td>
<td style="text-align: left">true</td>
<td style="text-align: left">-</td>
<td style="text-align: left"></td>
<td style="text-align: left">是否认证对端</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl.checkCN.host</td>
<td style="text-align: left">true</td>
<td style="text-align: left">-</td>
<td style="text-align: left"></td>
<td style="text-align: left">是否对证书的CN进行检查</td>
<td style="text-align: left">该配置项只对Consumer端,并且使用http协议有效,即Consumer端使用rest通道有效。对于Provider端、highway通道等无效。检查CN的目的是防止服务器被钓鱼,参考标准定义:<a href="https://tools.ietf.org/html/rfc2818。">https://tools.ietf.org/html/rfc2818。</a></td>
</tr>
<tr>
<td style="text-align: left">ssl.trustStore</td>
<td style="text-align: left">trust.jks</td>
<td style="text-align: left">-</td>
<td style="text-align: left"></td>
<td style="text-align: left">信任证书文件</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl.trustStoreType</td>
<td style="text-align: left">JKS</td>
<td style="text-align: left">-</td>
<td style="text-align: left"></td>
<td style="text-align: left">信任证书类型</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl.trustStoreValue</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
<td style="text-align: left"></td>
<td style="text-align: left">信任证书密码</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl.keyStore</td>
<td style="text-align: left">server.p12</td>
<td style="text-align: left">-</td>
<td style="text-align: left"></td>
<td style="text-align: left">身份证书文件</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl.keyStoreType</td>
<td style="text-align: left">PKCS12</td>
<td style="text-align: left">-</td>
<td style="text-align: left"></td>
<td style="text-align: left">身份证书类型</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl.keyStoreValue</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
<td style="text-align: left"></td>
<td style="text-align: left">身份证书密码</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl.crl</td>
<td style="text-align: left">revoke.crl</td>
<td style="text-align: left">-</td>
<td style="text-align: left"></td>
<td style="text-align: left">吊销证书文件</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl.sslCustomClass</td>
<td style="text-align: left">-</td>
<td style="text-align: left">org.apache.servicecomb.foundation.ssl.SSLCustom的实现类</td>
<td style="text-align: left"></td>
<td style="text-align: left">SSLCustom类的实现,用于开发者转换密码、文件路径等。</td>
<td style="text-align: left">-</td>
</tr>
</tbody>
</table>
<blockquote>
<p><strong>说明</strong></p>
<ul>
<li>默认的协议算法是高强度加密算法,JDK需要安装对应的策略文件,参考:<a href="http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html">http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html</a>。 您可以在配置文件配置使用非高强度算法。</li>
<li>微服务消费者,可以针对不同的提供者指定证书(当前证书是按照HOST签发的,不同的提供者都使用一份证书存储介质,这份介质同时给微服务访问服务中心和配置中心使用)。</li>
</ul>
</blockquote>
<h2 id="服务中心的证书配置">服务中心的证书配置</h2>
<p>目前支持使用环境变量来配置服务中心的TLS认证方式,默认开启TLS通信,双向认证模式,认证对端时同时校验对端是否匹配证书(CommonName)字段。服务管理中心的证书配置项说明见下表服务中心TLS证书配置项说明。</p>
<p><strong>表2 服务中心TLS证书配置项说明</strong></p>
<table>
<thead>
<tr>
<th style="text-align: left">配置项</th>
<th style="text-align: left">默认值</th>
<th style="text-align: left">取值范围</th>
<th style="text-align: left">是否必选</th>
<th style="text-align: left">含义</th>
<th style="text-align: left">注意</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">CSE_SSL_MODE</td>
<td style="text-align: left">1</td>
<td style="text-align: left">1/0<br />0:HTTPS<br />1:HTTP</td>
<td style="text-align: left"></td>
<td style="text-align: left">设置协议模式</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">CSE_SSL_VERIFY_CLIENT</td>
<td style="text-align: left">1</td>
<td style="text-align: left">1/0<br />0:HTTPS<br />1:HTTP</td>
<td style="text-align: left"></td>
<td style="text-align: left">设置HTTPS模式下是否认证对端</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">CSE_SSL_PASSPHASE</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
<td style="text-align: left"></td>
<td style="text-align: left">设置HTTPS模式下的证书密钥访问密码</td>
<td style="text-align: left">-</td>
</tr>
</tbody>
</table>
<p>服务管理中心配置文件为$APP_ROOT/conf/app.conf,配置项见,该配置暂不支持环境变量方式设置。</p>
<p>表3 服务中心配置文件</p>
<table>
<thead>
<tr>
<th style="text-align: left">配置项</th>
<th style="text-align: left">默认值</th>
<th style="text-align: left">取值范围</th>
<th style="text-align: left">是否必选</th>
<th style="text-align: left">含义</th>
<th style="text-align: left">注意</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">ssl_protocols</td>
<td style="text-align: left">TLSv1.2</td>
<td style="text-align: left">-</td>
<td style="text-align: left"></td>
<td style="text-align: left">通信使用的SSL版本</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl_ciphers</td>
<td style="text-align: left">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,<br />TLS_RSA_WITH_AES_256_GCM_SHA384,<br />TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,<br />TLS_RSA_WITH_AES_128_GCM_SHA256,<br />TLS_RSA_WITH_AES_128_CBC_SHA</td>
<td style="text-align: left">-</td>
<td style="text-align: left"></td>
<td style="text-align: left">配置使用算法列表</td>
<td style="text-align: left">由于服务中心支持HTTP/2协议,所以ssl_ciphers必须配置有TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256算法。TLS_RSA_WITH_AES_128_GCM_SHA256、TLS_RSA_WITH_AES_128_CBC_SHA被列为HTTP/2协议的不安全算法黑名单,但为了客户端算法兼容性,存在时必须配置到最后一位。</td>
</tr>
</tbody>
</table>
<h2 id="密钥物料及证书存放路径">密钥物料及证书存放路径</h2>
<p><strong>表4 密钥物料及证书存放路径</strong></p>
<table>
<thead>
<tr>
<th style="text-align: left">配置项</th>
<th style="text-align: left">含义</th>
<th style="text-align: left">对应环境变量</th>
<th style="text-align: left">注意</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">/</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE</td>
<td style="text-align: left">-</td>
<td style="text-align: left">INSTALL_ROOT</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/etc</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/etc/cipher</td>
<td style="text-align: left">密钥物料存放目录</td>
<td style="text-align: left">CIPHER_ROOT</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/etc/ssl</td>
<td style="text-align: left">证书存放目录</td>
<td style="text-align: left">SSL_ROOT</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/etc/ssl/trust.cer</td>
<td style="text-align: left">授信CA</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/etc/ssl/server_key.pem</td>
<td style="text-align: left">已加密服务端私钥文件</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/etc/ssl/server.cer</td>
<td style="text-align: left">服务器证书</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/etc/ssl/cert_pwd</td>
<td style="text-align: left">用于存放解密私钥的对称加密密文文件</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/apps</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/apps/ServiceCenter</td>
<td style="text-align: left">-</td>
<td style="text-align: left">APP_ROOT</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/apps/ServiceCenter/conf</td>
<td style="text-align: left">服务管理中心配置文件目录</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/apps/ServiceCenter/conf/app.conf</td>
<td style="text-align: left">应用配置文件</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
</tbody>
</table>
<h2 id="示例代码">示例代码</h2>
<p>microservice.yaml文件中启用TLS通信的配置示例如下:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="na">servicecomb</span><span class="pi">:</span>
<span class="na">service</span><span class="pi">:</span>
<span class="na">registry</span><span class="pi">:</span>
<span class="na">address</span><span class="pi">:</span> <span class="s">https://127.0.0.1:30100</span>
<span class="na">rest</span><span class="pi">:</span>
<span class="na">address</span><span class="pi">:</span> <span class="s">0.0.0.0:8080?sslEnabled=true</span>
<span class="na">highway</span><span class="pi">:</span>
<span class="na">address</span><span class="pi">:</span> <span class="s">0.0.0.0:7070?sslEnabled=true</span>
<span class="c1">#########SSL options</span>
<span class="s">ssl.protocols</span><span class="pi">:</span> <span class="s">TLSv1.2</span>
<span class="s">ssl.authPeer</span><span class="pi">:</span> <span class="no">true</span>
<span class="s">ssl.checkCN.host</span><span class="pi">:</span> <span class="no">true</span>
<span class="c1">#########certificates config</span>
<span class="s">ssl.trustStore</span><span class="pi">:</span> <span class="s">trust.jks</span>
<span class="s">ssl.trustStoreType</span><span class="pi">:</span> <span class="s">JKS</span>
<span class="s">ssl.trustStoreValue</span><span class="pi">:</span> <span class="s">Changeme_123</span>
<span class="s">ssl.keyStore</span><span class="pi">:</span> <span class="s">server.p12</span>
<span class="s">ssl.keyStoreType</span><span class="pi">:</span> <span class="s">PKCS12</span>
<span class="s">ssl.keyStoreValue</span><span class="pi">:</span> <span class="s">Changeme_123</span>
<span class="s">ssl.crl</span><span class="pi">:</span> <span class="s">revoke.crl</span>
<span class="s">ssl.sslCustomClass</span><span class="pi">:</span> <span class="s">org.apache.servicecomb.demo.DemoSSLCustom</span>
</code></pre></div></div>
</section>
<footer class="page__meta">
</footer>
</div>
</article>
</div>
<script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<div align="center" style="margin: 0 0;">
<ins class="adsbygoogle"
style="display:block; border-bottom: initial;"
data-ad-client="ca-pub-7328585512091257"
data-ad-slot="3049671934"
data-ad-format="auto"></ins>
</div>
<div class="page__footer">
<footer>
<!-- start custom footer snippets -->
<!-- end custom footer snippets -->
<div class="container">
<div class="row justify-content-md-center">
<div class="col">
<ul>
<p class="header">资源</p>
<li><a href="/cn/docs/getting-started/">入门指南</a></li>
<li><a href="/cn/docs/users/">用户指南</a></li>
<li><a href="/cn/slides/">资料</a></li>
<li><a href="/cn/users/faq/">常见问题</a></li>
</ul>
</div>
<div class="col">
<ul>
<p class="header">ASF</p>
<li><a href="http://www.apache.org">基金会</a></li>
<li><a href="http://www.apache.org/licenses/">许可证</a></li>
<li><a href="http://www.apache.org/events/current-event">活动</a></li>
<li><a href="http://www.apache.org/foundation/sponsorship.html">赞助</a></li>
<li><a href="http://www.apache.org/foundation/thanks.html">鸣谢</a></li>
</ul>
</div>
<div class="col">
<ul>
<p class="header">贡献</p>
<li><a href="http://issues.apache.org/jira/browse/SCB">报告本网页问题</a></li>
<li><a href="https://github.com/apache/servicecomb-website/edit/master/_users/cn/use-tls.md">在Github上编辑此页</a></li>
<li><a href="/cn/developers/submit-codes/">代码提交指南</a></li>
<li><a href="/cn/security">安全</a></li>
</ul>
</div>
<div class="col">
<ul class="social-icons">
<p class="header">社区</p>
<li>
<a href="mailto:dev-subscribe@servicecomb.incubator.apache.org" rel="nofollow"><span class="mail">邮件列表</span></a>
</li>
<li>
<a href="https://github.com/apache?q=ServiceComb" target="_blank"><span class="github">Github</span></a>
</li>
<li>
<a href="https://twitter.com/ServiceComb" target="_blank"><span class="twitter">Twitter</span></a>
</li>
<li>
<a href="/feed.xml" target="_blank"><span class="rss">Feed</span></a>
</li>
</ul>
</div>
</div>
</div>
<div class="page__footer-bottom">
<div>&copy; 2021 Apache ServiceComb. 技术来自于 <a href="http://jekyllrb.com" rel="nofollow">Jekyll</a> &amp; <a href="https://mademistakes.com/work/minimal-mistakes-jekyll-theme/" rel="nofollow">Minimal Mistakes</a>.</div>
<div>All other marks mentioned may be trademarks or registered trademarks of their respective owners.</div>
</div>
</footer>
</div>
<script src="/assets/js/main.min.js"></script>
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-101622733-1', 'auto');
ga('send', 'pageview');
</script>
</body>
</html>